Bug 349996 - Segmentation fault with malformed gradient files
Status: RESOLVED FIXED
Product: GIMP
Classification: Other
Component: General
Version: 2.3.x
Hardware/OS: Other Linux
Importance: Normal normal
Target Milestone: 2.2
Assigned To: GIMP Bugs
GIMP Bugs
Reported: 2006-08-04 22:39 UTC by Ari Pollak
Modified: 2008-01-15 14:07 UTC


Attachments
gradient file that crashes the gimp (564 bytes, text/plain)
2006-08-04 22:39 UTC, Ari Pollak

Description Ari Pollak 2006-08-04 22:39:26 UTC
From Debian bug report http://bugs.debian.org/381440:

I accidentally created an invalid gradient file (last field of each segment
missing) while writing a Perl script to reverse gradients. GIMP's last
words were:

   GIMP: Corrupt segment 0 in gradient file
'/home/michael/.gimp-2.2/gradients/Sea-and-Land-old-reversed.ggr'.

I am not convinced that malformed input is justification for a SEGV. :P

Here is the backtrace:

  • #0 gimp_data_factory_load_data
    at /tmp/buildd/gimp-2.3.10/./app/core/gimpdatafactory.c line 719
  • #1 gimp_datafiles_read_directories
    at /tmp/buildd/gimp-2.3.10/./libgimpbase/gimpdatafiles.c line 183
  • #2 gimp_data_factory_data_load
    at /tmp/buildd/gimp-2.3.10/./app/core/gimpdatafactory.c line 311
  • #3 gimp_data_factory_data_init
    at /tmp/buildd/gimp-2.3.10/./app/core/gimpdatafactory.c line 187
  • #4 gimp_restore
    at /tmp/buildd/gimp-2.3.10/./app/core/gimp.c line 820
  • #5 app_run
    at /tmp/buildd/gimp-2.3.10/./app/app_procs.c line 271
  • #6 main
    at /tmp/buildd/gimp-2.3.10/./app/main.c line 318
  • #7 __libc_start_main
    from /lib/libc.so.6
  • #8 _start
    at ../sysdeps/x86_64/elf/start.S line 113

Comment 1 Ari Pollak 2006-08-04 22:39:59 UTC
Created attachment 70231
gradient file that crashes the gimp
Comment 2 Raphaël Quinet 2006-08-04 23:39:56 UTC
The error is correctly detected, but not correctly reported.  This line:
  g_message (_("Failed to load data:\n\n%s"), error->message);
causes a crash because error is NULL.

This happens because the load_func fails and returns NULL but does not set
the error variable before returning:
  data_list = factory->loader_entries[i].load_func (file_data->filename, &error);
Comment 3 Raphaël Quinet 2006-08-04 23:53:44 UTC
2006-08-05  Raphael Quinet  <raphael@gimp.org>

	* app/core/gimpgradient-load.c (gimp_gradient_load): Do not crash
	when loading corrupt gradient files.  Ensure that error messages
	are correctly reported with g_set_error() instead of g_message().
	Fixes bug #349996.
Comment 4 Raphaël Quinet 2006-08-05 00:06:58 UTC
Also backported to the stable branch gimp-2-2.
Comment 5 Michael Schumacher 2006-08-05 08:11:55 UTC
Setting milestone 2.2 to make it show up in the fixed bugs.
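
The failure mode discussed in comments 2 and 3, as an added example that is not part of the bug thread and is not GIMP's code: a loader that signals failure by return value but leaves the error out-parameter NULL, next to the same loader setting it, with a caller that checks the pointer before use. `Err`, `set_err`, `load_segment`, `report_load`, the file name `sample.ggr` and the 13-field segment line are assumptions made for this sketch; `Err` is a plain-C stand-in for GLib's GError so the block builds without GLib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NFIELDS 13 /* assumed fields per segment line (example only) */

/* Minimal stand-in for GLib's GError; only the message is modeled. */
typedef struct { char message[160]; } Err;

/* Stand-in for g_set_error(): fill *err if the caller passed a slot. */
static void set_err(Err **err, int seg, const char *file) {
    if (!err || !(*err = calloc(1, sizeof **err))) return;
    snprintf((*err)->message, sizeof (*err)->message,
             "Corrupt segment %d in gradient file '%s'", seg, file);
}

static int count_fields(const char *s) {
    int n = 0, in_field = 0;
    for (; *s; s++) {
        if (*s == ' ' || *s == '\t' || *s == '\n') in_field = 0;
        else if (!in_field) { in_field = 1; n++; }
    }
    return n;
}

/* Hypothetical loader: 1 on success, 0 on failure. set_on_fail == 0
 * reproduces the bug: failure is returned but *err is left NULL. */
static int load_segment(const char *line, int set_on_fail, Err **err) {
    if (count_fields(line) == NFIELDS) return 1;
    if (set_on_fail) set_err(err, 0, "sample.ggr");
    return 0;
}

/* Caller that checks err before use. Returns 1 if the load failed. */
static int report_load(const char *line, int set_on_fail, char *out, size_t n) {
    Err *err = NULL;
    out[0] = '\0';
    if (load_segment(line, set_on_fail, &err)) return 0;
    snprintf(out, n, "Failed to load data: %s",
             err ? err->message : "(loader reported no error)");
    free(err);
    return 1;
}

int main(void) {
    /* Constructed input: a segment line with its last field missing. */
    char msg[256];
    const char *bad = "0.0 0.5 1.0 0.0 0.0 0.0 1.0 1.0 1.0 1.0 1.0 0";
    for (int fixed = 0; fixed <= 1; fixed++)
        if (report_load(bad, fixed, msg, sizeof msg)) puts(msg);
    return 0;
}
```

Both halves matter: the loader fix restores the contract that a failed load always sets the error, and the NULL check in the caller keeps any other loader that breaks that contract from turning a corrupt data file into a crash.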